CVE-2020-1167

Description

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16923.

Related CPE's

omicrosoftwindows_10-*******

vulnerable

omicrosoftwindows_101607*******

vulnerable

omicrosoftwindows_101709*******

vulnerable

omicrosoftwindows_101803*******

vulnerable

omicrosoftwindows_101809*******

vulnerable

omicrosoftwindows_101903*******

vulnerable

omicrosoftwindows_101909*******

vulnerable

omicrosoftwindows_102004*******

vulnerable

omicrosoftwindows_server_2016-*******

vulnerable

omicrosoftwindows_server_2019-*******

vulnerable

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1167

Patch

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-20-1247/

Third Party Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

7.8

VectorString

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Version

3.1

UserInteraction

REQUIRED

CvssV2 impact

AccessComplexity

MEDIUM

ConfidentialityImpact

COMPLETE

AvailabilityImpact

COMPLETE

IntegrityImpact

COMPLETE

BaseScore

9.3

VectorString

AV:N/AC:M/Au:N/C:C/I:C/A:C

Version

2.0

AccessVector

NETWORK

Authentication

NONE